BUG/MEDIUM: pattern: fixup use_after_free in the pat_ref_delete_by_id I found there is use_after_free bug in the pat_ref_delete_by_id. [wt: it seems this fix must be backported to 1.5 as well]

commit: aede6ddd1f3a9ad553bc17eba9b0b1d09094b3ca [log] [tgz]
author: peter cai <peter.cai008@gmail.com> Wed Oct 07 00:07:43 2015 -0700
committer: Willy Tarreau <w@1wt.eu> Tue Oct 13 18:31:49 2015 +0200
tree: 7d3ae28515082cb0da366eef7824ecf3a0ad4b5e
parent: 7e0c9713b4bb8e9ba2e56396f66d6bff29f78476 [diff]
diff --git a/src/pattern.c b/src/pattern.c
index 07e1a52..254c106 100644
--- a/src/pattern.c
+++ b/src/pattern.c

@@ -1540,14 +1540,13 @@
 	/* delete pattern from reference */
 	list_for_each_entry_safe(elt, safe, &ref->head, list) {
 		if (elt == refelt) {
+			list_for_each_entry(expr, &ref->pat, list)
+				pattern_delete(expr, elt);
+
 			LIST_DEL(&elt->list);
 			free(elt->sample);
 			free(elt->pattern);
 			free(elt);
-
-			list_for_each_entry(expr, &ref->pat, list)
-				pattern_delete(expr, elt);
-
 			return 1;
 		}
 	}
commit	aede6ddd1f3a9ad553bc17eba9b0b1d09094b3ca	[log] [tgz]
author	peter cai <peter.cai008@gmail.com>	Wed Oct 07 00:07:43 2015 -0700
committer	Willy Tarreau <w@1wt.eu>	Tue Oct 13 18:31:49 2015 +0200
tree	7d3ae28515082cb0da366eef7824ecf3a0ad4b5e
parent	7e0c9713b4bb8e9ba2e56396f66d6bff29f78476 [diff]